Data theft is truly a cruel crime

ANOTHER week, another data breach. The regularity of such stories is becoming as commonplace as random shootings in the US, it seems.

And while that might seem like a trivial comment, it is not meant to be.

The words ‘data breach’ sound innocent enough, and nothing at all like a school or birthday party shooting. But some have incredibly serious consequences.

While the aftermath of the increasingly widespread violent attacks on children and other innocent victims are immediately visible – camera crews and banks of reporters rushing to convey the news to the world – the results of a data breach are hidden by their ‘virtual’ nature.

There have been several high profile breaches in recent years, not least of all the massive attack which crippled the HSE’s systems in 2021. The Department of Health spent €1m that year reviewing IT processes following the attack, and but had to spend a massive €51m in the immediate aftermath of the breach.

And while the fear of the dissemination of intimate medical records left up to 100,000 worried about their data being publicised, that paled in comparison with the effect of this week’s confirmation that Derry-based firm Evide had its systems attacked.

A total of nine organisations in the Republic of Ireland were said to have been among the 140 charities and organisations whose data was breached.

The Northern Ireland company monitors the impact of several intervention services, and some of those impacted deal with the survivors of sexual abuse.

This means that some of the data ‘compromised’, or stolen, relates to some of the most intimate and private information a human can possess.

Among those organisations whose data was breached was One in Four – the organisation set up to provide professional counselling to adult survivors of childhood sexual abuse. They also accompany survivors to court hearings, and work with offenders too.

It is difficult to imagine the incredible effect that such a data breach could have on a survivor.

Having experienced the most personal type of physical violation, and having shared that with a third party, to then find those details may be in the hands of a criminal gang, must be horrific. It represents a further trauma for those involved, and a further sense of betrayal.

This week the organisation posted on its website that they had begun contacting individual clients directly, to advise them of the incident and to address any concerns they may have. They acknowledged that clients ‘may find this incident distressing’ adding that their priority, at all times, is the welfare and well-being of clients.  

While One in Four came forward with details of the breach, there has been little information regarding the other eight organisations affected in the South.

This week the Bantry-based West Cork Women Against Violence project confirmed that their data was not affected, as it is not held by Evide.

But there are bound to be many people who have engaged with the other eight organisations and are petrified that their personal information could be made public at any minute.

Without knowing all the companies involved, there must be thousands of clients of these support services worried today – many of them needlessly.

Hopefully, all of that anxiety will prove ‘needless’ in the end.

But it seems such breaches are becoming increasingly more prevalent.

Almost every piece of physical and mental health information on the western world’s citizens is digitally stored – leaving it all vulnerable to theft.

It is difficult to know how we are going to combat this in years to come.

Centralised data gathering firms, like Evide, are particularly targeted by criminals because there is more ‘bang’ for their cyber ‘buck’ by taking down one firm that contains the information of several smaller ones.

This exerts pressure from several different sources on the data collector, for a ransom to be paid to the thieves.

And even if a ransom is paid, the horse has bolted, and nobody can be sure where that information will ultimately end up, or indeed if it will resurface again at some time in the future.

Data theft is the major new threat of our time. While the theft of material items is always painful and upsetting, there is nothing as effective as taking a person’s secrets and threatening to expose them. It represents the ultimate ransom demand. 

The only real security against such threats is to return our data collection system to pen and paper methods – far away from the ‘cloud’.

It would seem the old ways, sometimes at least, really are the best ways.